Privacy Policy

Last updated: February 27, 2026

The operator of the Inner Battery application (the "App"), available at innerbattery.com, is:

Inner Battery s.r.o., IČO: 24526746, sídlo: Nové sady 988/2, Staré Brno, 602 00 Brno
Contact email: info@innerbattery.com

Inner Battery s.r.o. acts as the data controller within the meaning of the General Data Protection Regulation (GDPR).

1. What data we collect

Data	Purpose	Legal basis
Email address	Login and user identification	Contract performance
Nickname	Display in the app to other users	Contract performance
Avatar (numeric code)	Visual identification in friends list	Contract performance
Country code	Language and currency settings	Legitimate interest
Language	Displaying the app in the correct language	Legitimate interest
Messages (text up to 160 characters)	Core app function – sending messages	Contract performance
Friends list	Social features of the app	Contract performance
Payment data (Paddle)	Processing gift battery purchases	Contract performance
Device hash (SHA-256)	Abuse protection (limiting anonymous messages)	Legitimate interest
Browser user agent	Device identification for abuse prevention	Legitimate interest

2. What we do NOT collect

Full name or surname
Home address
Phone number
IP addresses are not stored or retained; they may be briefly processed technically when establishing a connection to the server
Precise location (only country code from browser settings)
Payment card details (processed directly by Paddle, never reach our servers)

3. How we use your data

We use your data exclusively for:

Operating the app and its core features (login, messaging, friends list)
Processing payments for premium features
Protecting against abuse (limiting anonymous messages)

Where we rely on legitimate interest as a legal basis (country code, language, device hash, user agent), our legitimate interest consists in protecting the App against abuse and ensuring platform security and quality (e.g. limiting anonymous messages per device, correct language settings). We have conducted a balancing test to ensure that your rights and freedoms are not overridden by our interests.

We do not sell and do not share your data with third parties for marketing purposes.

4. Data processors (third parties)

Service	Purpose	Location
Google Firebase (Auth, Firestore, Functions)	App infrastructure, data storage, and server-side logic	EU (europe-north1 and europe-west1 regions)
Paddle.com Market Limited	Payment processing (Merchant of Record)	United Kingdom
Google (Sign-In)	Authentication via Google account	USA
Apple (Sign in with Apple)	Authentication via Apple account	USA/Ireland
OpenStreetMap Nominatim	One-time country code detection (coordinates not stored). When using the service, your IP address may be technically transmitted to OpenStreetMap servers.	EU

Data transfers to the USA comply with the EU-US Data Privacy Framework or other appropriate safeguards under Article 46 GDPR, including Standard Contractual Clauses (SCCs) where applicable.

5. Data stored in your browser

The app stores some data locally in your browser (localStorage) for faster performance:

Language preferences
Payment currency
Friends list cache
Notification read status

This data never leaves your device and can be deleted at any time by clearing your browser data.

6. Data retention

Data	Retention period
User account and profile	Until account deletion by user, or automatically 90 days after license expiration
Messages	Until account deletion by user, or automatically 90 days after license expiration
Temporary message links	24 hours to 30 days (depending on type)
Gift tokens	90 days from purchase (unredeemed token expiration)
Payment records	As required by law (minimum 10 years)

7. Your rights (under GDPR)

You have the right to:

Access – request a copy of your data
Rectification – correct inaccurate data
Erasure – request deletion of your account and all data
Portability – obtain your data in a machine-readable format
Restriction – request restriction of processing (Art. 18)
Object – object to processing based on legitimate interest (Art. 21). We will then assess whether our legitimate grounds override your interests.
Withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal
Lodge a complaint with the Czech Office for Personal Data Protection (uoou.cz) or your local supervisory authority within the EU/EEA

To exercise your rights, contact us at: info@innerbattery.com

8. Automated decision-making

We do not carry out automated decision-making or profiling within the meaning of Article 22 GDPR.

9. Security

Your data is protected by encryption in transit (HTTPS/TLS), Firebase security rules (Firestore Security Rules), and hashing of sensitive identifiers (SHA-256). Payment data is processed exclusively by Paddle, certified PCI DSS Level 1.

In the event of a personal data breach, we will notify affected users and the relevant supervisory authorities where required by law.

10. Children

The app is not intended for children under 16. We do not knowingly collect data from children. If we discover that we have collected data from a child, we will promptly delete it.

If you reside in a jurisdiction where the minimum age for providing consent differs, the higher age requirement under applicable law applies.

11. Changes to this policy

We will notify you of material changes to this policy via an in-app announcement. By continuing to use the app after changes are published, you agree to the updated policy.